FP: magic number where no number is used

#define OS_FD_SETSIZE   FD_SETSIZE

....

struct OsFdSet
{
   fd_set s[OS_FD_SETSIZE / FD_SETSIZE];
};

I cannot see any number in this line. We do not have any numbers in this file…

  • cpp (windows VS build)
  • SonarQube (9.9 LTS)

Hey there.

Please take the time to review this post:

Which specifies that, among other things, you need to share a text-snippet of code, not a screenshot.

I swear I have read this and it said “screenshots ok”. I guess I misread. Never mind… Edited initial post.

Hello @KUGA2,

Thank you for reporting this false positive!

Could you please send me additional information to help me reproduce the issue? I did not succeed with the current information, maybe because my configuration differs from yours or because the false positive is due to how fd_set is defined.

Specifically, I would need a reproducer. To generate one on SonarQube:

  • Search in the analysis log for the full path of a source file that creates this false-positive, i.e., a source file that includes **_p_fd_set.h where the false positive is. You will have to use precisely this name (same case, / or \…)
  • Add the reproducer option to the scanner configuration:
    sonar.cfamily.reproducer="Full path to the .cpp"
  • Re-run the scanner to generate a file named sonar-cfamily.reproducer in the project folder.

If you think the reproducer file contains private information, let me know, and I’ll send you a private message allowing you to send the file privately.

Cheers,
Amélie

I hesitate to send the sonar-cfamily-reproducer.zip (!) file because it contains a lot of sensitive information (paths, compile_commands.json).

I was able to reproduce it with a simple:

sq.cpp

#include "os_p_fd_set.h" // OsFdSet

os_p_fd_set.h

#ifndef OS_P_FD_SET_H
#define OS_P_FD_SET_H

#include <sys/select.h> // fd_set, FD_SETSIZE

#define OS_FD_SETSIZE (2 * FD_SETSIZE)

// Aggregation of n fd_set elements
struct OsFdSet
{
    fd_set s[OS_FD_SETSIZE / FD_SETSIZE];
};

#endif // OS_P_FD_SET_H

So should you, I guess. Can you try again before I ask my supervisor if I can share it?

Btw: Is it normal that the analysis fails (some java stacktrace) when I add sonar.cfamily.reproducer?

Hello,

I am sorry, but I still failed to reproduce the issue. (I have one code smell: “Use “std::array” or “std::vector” instead of a C-style array.” but that is it).

The reproducer contains helpful information: the SonarQube version, the compiler version, the compiler options, etc. It enables us to reproduce exactly what you have and ensure our fix will work for your case. I understand this is sensitive information, but it will only be used for debugging.

What about creating a reproducer for your more straightforward example?

Thanks,
Amélie

PS: Yes, it is expected, as the reproducer is for debugging and should not be activated for day-to-day analysis.

For anyone reading here: we had a long back-and-forth in private messages. We learned that it needs this code to reproduce:

#include "os_p_fd_set.h"

void os_socket_select()
{
   OsFdSet read;
   if (true)
   {
      OsFdSet readCopy = read;
      read = readCopy;
   }
}

@Amelie is now looking into that.

3 Likes

Hi @KUGA2, thank you very much for taking the time to report the issue and collaborate with us to track it down and write the minimal example. :smile:

We have identified the reason behind the issue and created CPP-4714 to track work on it.

Best regards,
Michael

2 Likes
